ComboFix 14-04-08.01 - Rajni 08-04-2014 19:35:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4002.2125 [GMT 2:00]
Gestart vanuit: c:\users\Rajni\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-03-08 to 2014-04-08 ))))))))))))))))))))))))))))))
.
.
2014-04-08 17:38 . 2014-04-08 17:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-07 21:41 . 2014-04-07 21:41 -------- d-----w- C:\_OTL
2014-04-07 16:25 . 2014-04-07 16:25 -------- d-----w- c:\users\Rajni\AppData\Local\Facebook
2014-04-06 11:57 . 2014-04-07 21:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-06 11:57 . 2014-04-06 11:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-06 11:57 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-06 11:57 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-04 21:56 . 2014-04-04 21:48 24064 ----a-w- c:\windows\zoek-delete.exe
2014-04-04 21:56 . 2014-04-08 17:38 -------- d-----w- c:\users\Rajni\AppData\Local\Temp
2014-04-04 21:48 . 2014-04-04 21:55 -------- d-----w- C:\zoek_backup
2014-03-28 20:42 . 2014-03-28 20:42 -------- d-----w- c:\program files\Adblock Plus for IE
2014-03-28 20:27 . 2014-03-28 20:27 -------- d-----w- c:\program files\Windows Live
2014-03-28 20:26 . 2014-03-28 20:26 -------- d-----w- c:\users\Rajni\AppData\Local\NVIDIA
2014-03-28 20:22 . 2014-03-28 20:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-28 20:22 . 2014-03-28 20:22 312728 ----a-w- c:\windows\system32\javaws.exe
2014-03-28 20:22 . 2014-03-28 20:22 191384 ----a-w- c:\windows\system32\javaw.exe
2014-03-28 20:22 . 2014-03-28 20:22 190872 ----a-w- c:\windows\system32\java.exe
2014-03-28 20:22 . 2014-03-28 20:22 111000 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-28 20:22 . 2014-03-28 20:36 -------- d-----w- c:\program files\Java
2014-03-28 20:19 . 2014-03-04 11:32 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-28 19:37 . 2014-03-28 19:37 -------- d-----w- c:\program files\trend micro
2014-03-28 19:37 . 2014-03-28 19:37 -------- d-----w- C:\rsit
2014-03-26 18:47 . 2014-04-04 19:32 -------- d-----w- c:\windows\system32\drivers\NISx64\1502000.026
2014-03-20 22:12 . 2014-03-20 22:12 -------- d-----w- c:\users\Rajni\AppData\Roaming\Visan
2014-03-20 22:03 . 2014-03-20 22:03 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-20 22:03 . 2014-03-20 22:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 22:03 . 2014-03-20 22:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-18 00:35 . 2014-03-18 00:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-03-17 20:13 . 2014-03-17 20:13 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2014-03-17 20:13 . 2014-03-17 20:13 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2014-03-17 20:13 . 2014-03-17 20:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-03-17 20:12 . 2014-03-17 20:12 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-03-17 20:12 . 2014-03-17 20:12 -------- d-----w- c:\program files\Microsoft Office
2014-03-17 20:12 . 2014-03-17 20:12 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-03-17 20:12 . 2014-03-17 20:12 -------- d-----w- c:\users\Rajni\AppData\Local\Microsoft Help
2014-03-17 20:12 . 2014-03-18 20:57 -------- d-----w- c:\programdata\Microsoft Help
2014-03-17 20:12 . 2014-03-17 20:12 -------- d-----r- C:\MSOCache
2014-03-17 19:43 . 2014-03-17 19:43 -------- d-----w- c:\users\Rajni\AppData\Roaming\OpenOffice
2014-03-14 23:27 . 2014-03-28 20:43 -------- d-----w- c:\program files (x86)\Microsoft
2014-03-14 23:27 . 2014-04-07 21:54 -------- d-----w- c:\programdata\HP Photo Creations
2014-03-14 23:27 . 2014-03-20 22:11 -------- d-----w- c:\programdata\Visan
2014-03-14 23:27 . 2014-03-14 23:27 -------- d-----w- c:\program files (x86)\HP Photo Creations
2014-03-14 23:27 . 2014-03-29 13:53 -------- d-----w- c:\users\Rajni\AppData\Roaming\HpUpdate
2014-03-14 23:27 . 2012-10-17 03:31 741480 ------w- c:\windows\system32\HPDiscoPMB111.dll
2014-03-14 23:26 . 2014-03-14 23:35 -------- d-----w- c:\programdata\HP
2014-03-14 23:26 . 2014-03-14 23:35 -------- d-----w- c:\program files (x86)\HP
2014-03-14 23:26 . 2014-03-14 23:26 -------- d-----w- c:\program files\HP
2014-03-14 23:23 . 2014-03-14 23:29 -------- d-----w- c:\users\Rajni\AppData\Local\HP
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-03 07:50 . 2014-01-21 23:59 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-20 22:03 . 2014-01-20 20:00 62408 ----a-w- c:\windows\system32\OpenCL.dll
2014-03-20 22:03 . 2014-01-20 20:00 54216 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-03-20 22:03 . 2013-10-27 08:12 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 22:03 . 2013-10-27 08:12 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 22:03 . 2013-10-27 08:12 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-20 22:02 . 2013-10-27 08:12 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 22:02 . 2013-10-27 08:12 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-11 21:43 . 2014-01-20 20:00 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 21:35 . 2014-01-21 21:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 21:35 . 2014-01-21 21:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06 . 2014-01-20 20:00 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:06 . 2014-01-20 20:00 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:05 . 2014-01-20 20:00 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-01-20 20:00 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-01-20 20:00 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2014-01-20 20:00 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-20 20:00 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-01-24 22:34 . 2014-01-20 19:33 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-01-21 23:29 . 2014-01-21 23:29 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-21 23:29 . 2014-01-21 23:29 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-21 23:29 . 2014-01-21 23:29 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-21 23:29 . 2014-01-21 23:29 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-21 23:29 . 2014-01-21 23:29 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-21 23:29 . 2014-01-21 23:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-21 23:29 . 2014-01-21 23:29 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-21 23:29 . 2014-01-21 23:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-21 23:29 . 2014-01-21 23:29 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-21 23:29 . 2014-01-21 23:29 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-21 23:29 . 2014-01-21 23:29 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-21 23:29 . 2014-01-21 23:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-21 23:29 . 2014-01-21 23:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-21 23:29 . 2014-01-21 23:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-21 23:29 . 2014-01-21 23:29 413696 ----a-w- c:\windows\system32\html.iec
2014-01-21 23:29 . 2014-01-21 23:29 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-21 23:29 . 2014-01-21 23:29 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-21 23:29 . 2014-01-21 23:29 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-21 23:29 . 2014-01-21 23:29 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-21 23:29 . 2014-01-21 23:29 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-21 23:29 . 2014-01-21 23:29 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-21 23:29 . 2014-01-21 23:29 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-21 23:29 . 2014-01-21 23:29 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-21 23:29 . 2014-01-21 23:29 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-21 23:29 . 2014-01-21 23:29 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-21 23:29 . 2014-01-21 23:29 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-21 23:29 . 2014-01-21 23:29 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-21 23:29 . 2014-01-21 23:29 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-21 23:29 . 2014-01-21 23:29 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-21 23:29 . 2014-01-21 23:29 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-21 23:29 . 2014-01-21 23:29 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-21 23:29 . 2014-01-21 23:29 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-21 23:29 . 2014-01-21 23:29 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-21 23:29 . 2014-01-21 23:29 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-21 23:29 . 2014-01-21 23:29 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-21 23:29 . 2014-01-21 23:29 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-21 23:29 . 2014-01-21 23:29 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-21 23:29 . 2014-01-21 23:29 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-21 23:29 . 2014-01-21 23:29 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-21 23:29 . 2014-01-21 23:29 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-21 23:29 . 2014-01-21 23:29 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-21 23:29 . 2014-01-21 23:29 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-21 23:29 . 2014-01-21 23:29 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-21 23:29 . 2014-01-21 23:29 235520 ----a-w- c:\windows\system32\url.dll
2014-01-21 23:29 . 2014-01-21 23:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-21 23:29 . 2014-01-21 23:29 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-21 23:29 . 2014-01-21 23:29 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-21 23:29 . 2014-01-21 23:29 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-21 23:29 . 2014-01-21 23:29 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-21 23:29 . 2014-01-21 23:29 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-21 23:29 . 2014-01-21 23:29 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-21 22:37 . 2014-01-21 22:37 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-21 22:37 . 2014-01-21 22:37 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-01-21 22:37 . 2014-01-21 22:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-21 22:37 . 2014-01-21 22:37 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-01-21 22:37 . 2014-01-21 22:37 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-01-21 22:37 . 2014-01-21 22:37 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-21 22:37 . 2014-01-21 22:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-21 22:37 . 2014-01-21 22:37 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-01-21 22:37 . 2014-01-21 22:37 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-01-21 22:37 . 2014-01-21 22:37 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-21 22:37 . 2014-01-21 22:37 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-01-21 22:37 . 2014-01-21 22:37 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-21 22:37 . 2014-01-21 22:37 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-01-21 22:37 . 2014-01-21 22:37 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-01-21 22:37 . 2014-01-21 22:37 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"LWS"="p:\logitech webcam\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-04 224128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;p:\skype\Updater\Updater.exe;p:\skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\users\Rajni\Desktop\virus scanner's\Altijd\emsisoft\Run\cleanhlp64.sys;c:\users\Rajni\Desktop\virus scanner's\Altijd\emsisoft\Run\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140404.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140404.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;p:\super anti spyware\SASDIFSV64.SYS;p:\super anti spyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;p:\super anti spyware\SASKUTIL64.SYS;p:\super anti spyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1502000.026\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;p:\super anti spyware\SASCORE64.EXE;p:\super anti spyware\SASCORE64.EXE [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;p:\adobe fotoshop\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;p:\adobe fotoshop\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:07 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 21:35]
.
2014-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2231386959-968710921-1873723038-1000Core.job
- c:\users\Rajni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-07 16:25]
.
2014-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2231386959-968710921-1873723038-1000UA.job
- c:\users\Rajni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-07 16:25]
.
2014-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 21:46]
.
2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20 21:46]
.
2014-04-07 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-02-21 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "p:\fences\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Afbeelding knippen - p:\evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip image - p:\evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - p:\evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - p:\evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - p:\evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Kopieer selectie - p:\evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Kopieer URL - p:\evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New note - p:\evernote\EvernoteIERes\NewNote.html
IE: Nieuwe notitie - p:\evernote\\EvernoteIERes\NewNote.html
IE: Pagina opemen - p:\evernote\\EvernoteIERes\Clip.html?clipAction=1
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rajni\AppData\Roaming\Mozilla\Firefox\Profiles\ep2kmqoe.default\
FF - prefs.js: browser.search.selectedEngine - Norton Safe Search
FF - prefs.js: browser.startup.homepage - www.google.nl
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{fd97d1e2-368a-4cd9-af63-8eeff938044a} - c:\programdata\Package Cache\{fd97d1e2-368a-4cd9-af63-8eeff938044a}\adblockplusie-1.1.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38;c:\program files (x86)\Norton Internet Security\Engine64\21.2.0.38"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2231386959-968710921-1873723038-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2231386959-968710921-1873723038-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-04-08 19:38:52
ComboFix-quarantined-files.txt 2014-04-08 17:38
.
Pre-Run: 70.718.545.920 bytes beschikbaar
Post-Run: 70.099.808.256 bytes beschikbaar
.
- - End Of File - - 0AE087664FCB42E1B6CBA88A3A07E471
A36C5E4F47E84449FF07ED3517B43A31